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DETAILED ACTION 

Claims 1-2 and 12 have been amended. Claims 1-18 are pending. 

Response to Amendment 

In light of applicant's amendments to the specification and drawings filed on 
4/1 1/2005, the examiner withdraws the objections made in the previous office action. 
The examiner also withdraws the previous office action's 112, second paragraph 
rejections in light of applicant's amendments. 

Response to Arguments 

Applicant's arguments filed 4/1 1/2005 have been fully considered but they are 
not persuasive. Applicant's arguments are directed towards independent claim 1. 

Applicant first states that He et al is concerned with a number of failed 
authentication attempts and log-in attempts and authentication and logging-in are not 
the same as the user requesting a communication address. Therefore, applicant 
believes that He et al does not disclose processing the communication address request 
based on a failure count accessed using the identifier for the user equipment. The 
examiner asserts that He et al is directed towards a security system for user access to 
network elements and a network (col 1, lines 55-56 and col 3, lines 10-15). In col 3, 
lines 10-15 He et al discloses how a user can dial up a server to have access to a 
network. To have access to a network, the user must obtain a communication address, 
i.e. IP or network address. The examiner also notes that although He et al disclose that 
it is the user making the request, as the user must use a user equipment to make the 
request, inherently from the network's perspective, the request is coming from the user 
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equipment. Column 17, lines 13-17 cited by the examiner shows how after a certain 
number of failed authentication attempts (to log on to a network/obtain a communication 
address) the account is brought to an administrator's attention. The examiner believes 
this meets the limitation of processing the request based on a failure count. The 
identifier of the user equipment is also inherently whatever identifier the user used to 
make the request (i.e. perhaps a user id, other type of account identifier, and/or 
password). 

Applicant then states that Asokan does not disclose processing the 
communication address request based on a failure count accessed using the identifier 
for the user equipment. The examiner did not use Asokan to show this limitation. The 
examiner used He et al. 

Applicant then cited two cases which state that the examiner must provide 
particular findings as to why the two pieces of prior art are combinable and that broad 
conclusory statements standing alone are not evidence. Basically, the applicant is 
arguing that the examiner did not have proper motivation to combine He et al and 
Asokan. The examiner notes that on p12, lines 8-10 of applicant's arguments that the 
applicant lists three sources from which motivation to combine art references can come: 

1 . The statements in the prior art (patents themselves), 

2. The knowledge of one of ordinary skill in the art, or in some cases, 

3. The nature of the problem to be solved. 
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The examiner asserts that the He et al's invention was directed towards a 
security system for a network. He et al did not explicitly disclose that the request was 
coming from a user equipment, although this was inherent. Therefore, the examiner 
cited passages from Asokan showing explicitly that a user equipment, i.e. node, can 
make a request for an address (p1, paragraph 9). Asokan discloses address acquisition 
in a network. He et al discloses security for a network. The examiner believes that the 
fields disclosed by He et al and Asokan are similar— they both deal with computer 
networks. As the examiner used Asokan to show explicitly what was inherent to He et 
al (that the request from the user also counts as a request from a user equipment), the 
examiner believes that the motivation the examiner provided was sufficient to show that 
one of ordinary skill would have had reasons to combine the two teachings. That is, 
"when receiving any sort of request for use of resources in network," one of ordinary 
skill would be motivated "to also process the request based on a failure count using the 
identifier" (of the user equipment) "as this would prevent a brute force authentication 
attack on the network by the user equipment." Brute force attacks are well known in the 
art, so this motivation comes from knowledge of one of ordinary skill in the art and from 
the nature of the problem to be solved by He et al, i.e. providing a security system for a 
network (col 1, lines 55-56). 

Applicant then argues that the two environments and corresponding objectives 
for He et al and Asokan are dissimilar. The examiner asserts that He et al was 
concerned with providing security for a computer network (col 1, lines 55-56). Asokan 
disclosed a GPRS system, but that system still comprises computing devices, therefore 
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the GPRS system is still a computer network. Asokan's objective related to address 
acquisition (p1 , paragraph 1 , line 1). He et al was also concerned controlling access to 
network resources (col 1, lines 55-59). An address is a network resource. Therefore, 
the environments and objectives of He et al and Asokan are not dissimilar as applicant 
has asserted. 

Applicant then states that the examiner used impermissible hindsight 
reconstruction to reject the claims. The examiner has already stated how the examiner 
was only using Asokan to show explicitly what was inherent to He et al already. 
Further, the examiner gave proper motivations for combining the two prior arts, 
therefore the examiner does not believe that any hindsight was used to reconstruct the 
limitations of claim 1 . 

In light of the above, the examiner asserts that the examiner's previous rejection 
of claim 1 was proper. As applicant did not argue any of the dependent claim 
rejections, the examiner assumes applicant agrees with their rejection. Therefore, the 
examiner's rejections of the dependent claims are maintained. The examiner will copy 
and paste the previous office action's rejection below and modify where necessary to 
reflect any claim amendments on the part of the applicant. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
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invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1-4, 8-10, 12, and 15-17 are rejected under 35 U.S.C. 103(a) as being 

unpatentable over He et al (U.S. 6,088,451) in view of Asokan et al (U.S. 

2001/0017856). 

1 . Claim 1 : He et al disclose a method for protecting use of resources in a 
network comprising, processing a request for network resource based on a 
failure count accessed using the identifier for the user equipment, the failure 
count indicating a number of times the user equipment has been denied 
registration (col 17, line 13-17 and col 26, lines 40-52). He et al does not 
explicitly disclose receiving a communication address request for a temporary 
communication address from user equipment, the communication address 
request including an identifier of the user equipment. However, a request by 
user equipment for a communication address has been known to one of 
ordinary skill in the art at the time of the applicants invention. It is also known 
by one of ordinary skill that the request can include the user equipment's 
identifier, which is used for authenticating whether or not the user equipment 
has rights to access a network resource. Further, requests of such nature are 
also explicitly disclosed by Asokan et al (p1 , paragraph 0009 and p9, claim 
1 1). A communication address is itself a network resource. One of ordinary 
skill would be motivated, when receiving any sort of request for use of 
resources in a network, to not only require an equipment identifier be sent 
with the request, but to also process the request based on a failure count 
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using the identifier as this would prevent a brute force authentication attack 
on the network by the user equipment. The examiner has interpreted 
authentication attempts to be the same thing as registration attempts. 

2. Claim 2: He et al disclose the method of claim 1 , wherein the processing step 
comprises: 

a. Accessing the failure count for the user equipment based on the identifier 
(col 17, line 13-17 and col 26, lines 40-52). 

b. Ignoring the communication address request if the failure count exceeds a 
predetermined threshold (col 17, line 13-17 and col 26, lines 40-52). 

The examiner has interpreted an identifier as any sort of user id, 
password, serial number, network account, or MAC address associated with 
the user equipment which uniquely identifies the user equipment. 

3. Claim 3: He et al disclose the method of claim 2, wherein the processing step 
comprises continuing with a registration process if the failure count does not 
exceed a predetermined threshold (col 17, line 13-17 and col 26, lines 40-52). 

4. Claim 4: He et al disclose the method of claim 4, further comprising 
incrementing the failure count for the user equipment if during a registration 
process the user equipment is not authenticated (col 17, line 13-17 and col 
26, lines 40-52). It is inherent that since He et al discloses the number of 
failures can reach a certain predetermined threshold that the failure count 
must increase when the user equipment fails to authenticate properly. 
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5. Claim 9 and 16: He et al disclose the method of claim 3 and claim 1 
respectively, wherein a processing step continues a registration process if a 
failure count does not exist for the user equipment (col 26, lines 40-52). He et 
al disclosed that it is possible for the user equipment to not be found in a 
registration database, which means there would also be no failure count for 
that user equipment. 

6. Claims 10 and 17: He et al disclose the method of claim 9 and claim 16 
respectively, further comprising: 

a. Incrementing the failure count for the user equipment if a failure count was 
accessed and if during the registration process the user equipment is not 
authenticated (col 26, lines 40-52). 

b. Initializing a failure count for the user equipment to an initial value if a 
failure count does not exist for the user equipment and if during the 
registration process the user equipment is not authenticated (col 26, lines 
40-52). 

7. Claim 12: He et al disclose the method of claim 1 , further comprising 
incrementing the failure count for the user equipment if during a registration 
process the user equipment is not authenticated (col 26, lines 40-52). 

8. Claims 8 and 15: He et al disclose the method of claim 4 and claim 12 
respectively, further comprising decrementing the failure count after a 
predetermined period of time (col 17, lines 13-17). The examiner has 
interpreted the time for an examination of the account to be complete to be a 
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predetermined period of time. In this case, it is inherent that since He et al 
disclose the account being only temporarily disabled that the failure count 
must be decremented at some point in time. Further, the examiner would like 
to note that one of ordinary skill in the art at the time of the applicant's 
invention would most likely recognize the advantage of automatically 
decrementing the failure count after a certain predetermined time period as 
this would allow a legitimate user of the account to be able to log on without 
an administrator's intervention after their account is temporarily disabled 
either by them or someone else. For a large enough user or equipment base 
in a network, if the administrator had to get involved with every single 
investigation before valid accounts are re-enabled, it could turn into a very 
time consuming task for the administrator. 
Claim 1 1 is rejected under 35 U.S.C. 103(a) as being unpatentable over He et al 

(U.S. 6,088,451) in view of Asokan et al (U.S. 2001/0017856) and Holmes et al (U.S. 

6,230,009). 

1. Claim 11: He et al do not disclose a method claim 10, wherein the user 
equipment is a mobile station in one of a data network and a wireless voice 
network. However, Holmes et al disclose a communication network 
consisting of a mobile station in a data and wireless voice network (col 1 , 
lines 23-26). One of ordinary skill in the art would be motivated to implement 
a security feature in the communication network disclosed by Holmes et al 



Application/Control Number: 09/878,230 Page 10 

Art Unit: 2135 

which keeps track of a registration failure count of a user equipment as this 
would make the network more secure and protect resources in the network. 
Claims 5, 7 and 13-14 are rejected under 35 U.S.C. 103(a) as being 

unpatentable over He et al (U.S. 6,088,451) in view of Asokan et al (U.S. 

2001/0017856) and Nawrocki (U.S. 6,256,116). 

1 . Claims 5 and 13: He et al do not disclose the method of claim 4 and claim 12 
respectively, further comprising sending a message to the user equipment 
instructing the user equipment not to attempt registration for a predetermined 
period of time if the incremented failure count equals or exceeds the 
predetermined threshold. However, sending a message to a user instructing 
him/her to stop trying to authenticate/register for a predetermined amount of 
time after a predetermined failure-to-authenticate count has been reached is 
known to one of ordinary skill in the art at the time of the applicant's invention. 
Further, Nawrocki discloses a request-to-stop transmission attempts being 
sent by a facsimile-blocking device to a facsimile machine (col 1, lines, 35- 
44). One of ordinary skill would recognize that it would be advantageous to 
send a request-to-stop transmission for a predetermined amount of time 
message to the user equipment whose registration attempts has reached or 
exceeded a predetermined failure threshold as it would save network 
resources if the user equipment followed the message's instruction. The 
examiner has interpreted any authentication or registration attempts by the 
user equipment as a type of transmission by the user equipment. 
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2. Claims 7 and 14: He et al do not disclose a method of claim 5 and claim 13 
respectively, further comprising decrementing the failure count after a 
predetermined period of time has elapsed from a sending step. However, He 
et al disclose decrementing the failure count after a predetermined period of 
time (col 17, lines 13-17). It would make sense to start the count down of 
when to decrement the failure count from the point in which the message was 
sent as this would most likely coincide with the time when the failure threshold 
was reached. The examiner would like to note that there is no way to 
guarantee that the user equipment will follow the instruction to not try to 
register again for a certain time period as the user equipment could be 
outside the control of the network with which it is trying to register. „ 
Claims 6 and 18 are rejected under 35 U.S.C. 103(a) as being unpatentable over 

He et al (U.S. 6,088,451) in view of Asokan et al (U.S. 2001/0017856), Holmes et al 

(U.S. 6,230,009), and Nawrocki (U.S. 6,256,116). 

1 . Claims 6 and 18: He et al do not disclose a method of claim 5 and claim 1 
respectively wherein the user equipment is a mobile station in one of a data 
network and a wireless voice network. However, Holmes et al disclose a 
communication network consisting of a mobile station in a data and wireless 
voice network (col 1 , lines 23-26). One of ordinary skill in the art would be 
motivated to implement a security feature in the communication network 
disclosed by Holmes et al which keeps track of a registration failure count of a 
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user equipment as this would make the network more secure and protect 
resources in the network. 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Ponnoreay Pich whose telephone number is 571-272- 
7962. The examiner can normally be reached on 8:00am-4:30pm Mon-Fri. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on 571-272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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